jenkinsci / dependency-track-plugin

Main repository for the official Dependency-Track Jenkins plugin
https://dependencytrack.org/
Apache License 2.0

support classifier assignment from pipeline #145

Closed bahrb closed 1 year ago

bahrb commented 1 year ago

Is your feature request related to a problem? Please describe.

We push different types of s-boms to the d-track server:

Jenkins does the creation of the projects within d-track, and currently every created project must be manually updated to set the correct classifier; this is tedious.

Describe the solution you'd like

Enable the handover for the classifier value like the other properties (parentId, group, swid, etc.):


```groovy
node {
    stage('dependencyTrackPublisher') {
        try {
            dependencyTrackPublisher artifact: 'target/bom.xml', projectId: 'a65ea72b-5b77-40c5-8b19-fb83525f40eb', synchronous: true, classifier: "Framework"
        } catch (e) {
            echo 'failed'
        }
    }
}
```

sephiroth-j commented 1 year ago

Dependency-Track reads the classifier from the SBOM. If the classifier is wrong, check the SBOM or create a bug report at Dependency-Track.
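
Added example, not part of the thread or the plugin's code: a pre-upload check that reads the component type an SBOM declares and compares it with the classifier the pipeline expects. It assumes a CycloneDX XML BOM in which the classifier is the `type` attribute of `metadata/component`; the function names and the sample BOM are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal CycloneDX 1.4 BOM as a build tool might write it.
SAMPLE_BOM = """<bom xmlns="http://cyclonedx.org/schema/bom/1.4" version="1">
  <metadata>
    <component type="library">
      <group>com.example</group>
      <name>core</name>
      <version>1.0.0</version>
    </component>
  </metadata>
</bom>"""


def bom_component_type(xml_data):
    """Return the type of metadata/component, or None if the BOM has none."""
    # Assumption: the classifier the server reads is metadata/component@type.
    root = ET.fromstring(xml_data)
    # The root tag looks like '{http://cyclonedx.org/schema/bom/1.4}bom'; the
    # namespace changes with the spec version, so read it instead of hardcoding.
    if not root.tag.startswith("{") or not root.tag.endswith("}bom"):
        raise ValueError("not a namespaced CycloneDX <bom> document")
    ns = root.tag[1:root.tag.index("}")]
    if not ns.startswith("http://cyclonedx.org/schema/bom/"):
        raise ValueError("unexpected namespace: " + ns)
    comp = root.find("{%s}metadata/{%s}component" % (ns, ns))
    return None if comp is None else comp.get("type")


def check_classifier(xml_data, expected):
    """Compare case-insensitively; return (ok, message) for a build gate."""
    actual = bom_component_type(xml_data)
    if actual is None:
        return False, "BOM has no metadata/component, so no classifier to read"
    if actual.lower() != expected.lower():
        return False, "BOM says %r, expected %r" % (actual, expected)
    return True, "classifier %r matches" % actual


if __name__ == "__main__":
    import sys
    # Usage: script.py [path/to/bom.xml] [expected-type]; defaults to the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BOM
    ok, msg = check_classifier(data, sys.argv[2] if len(sys.argv) > 2 else "library")
    print(msg)
    sys.exit(0 if ok else 1)
```

Run before the `dependencyTrackPublisher` step, a non-zero exit flags an SBOM whose declared type differs from the expected one, which points to the BOM generator's configuration as the place to fix it.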